Magento 1 shoplift bug


1. Shoplift bug test: https://magento.com/security-patch

magento-1-shoplift-bug-1

2. Download patch: SUPEE-5344 – Magento-CE-v1.8.x-1.9.x

For other Magento versions, please go to https://magento.com/tech-resources/download

magento-1-shoplift-bug-2

3. Apply patch: 【IMPORTANT: BEFORE PROCEEDING, PLEASE BACK UP YOUR WEBSITE AND DATABASE FIRST】
a. upload the patch into your Magento root directory
b. login to your server, change current directory to the Magento root
c. run this command sh PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh

magento-1-shoplift-bug-3

4. Remove all user accounts who you do not know in the table admin_user

magento-1-shoplift-bug-4

5. Shoplift bug test again: https://magento.com/security-patch

magento-1-shoplift-bug-5